Skip to Content
Information
Important

This documentation space contains information about PATROL Agents when deployed in a BMC Helix Operations Management environment. If you are a TrueSight Operations Management user, see PATROL Agent 24.3.01

Configuring ​BMC Helix Vault Adapter​

After installing the BMC Helix Vault Adapter, you must configure the Vault Adapter so that it can perform the following tasks:

  • Connect to the enterprise vault (for example, BeyondTrust)
  • Communicate with BMC Helix Operations Management for API key validation.

To configure BMC Helix Vault Adapter to connect to BMC Helix Operations Management

  1. In the Vault Adapter installation directory, open the application.properties file at the following location:
    • Windows: C:\Program Files\BMC Software\VaultAdapter\config\application.properties
    • Linux: /opt/bmc/vaultadapter/config/application.properties
  2. Specify the BMC Helix Operations Management tenant URL that corresponds to the PATROL Agent connecting to the BMC Helix Vault Adapter, as shown below: bhom.server.url=https://<tenant>.bmc.com
  3. Save the application.properties file.

  4. Restart the BMC Vault Adapter service.

To configure BMC Helix Vault Adapter to connect to the enterprise BeyondTrust vault

  1. After you install the BMC Helix Vault Adapter, navigate to its installation directory:
    • Windows: C:\Program Files\BMC Software\VaultAdapter\config\
    • Linux: /opt/bmc/vaultadapter/config/
  2. Open the beyondtrust.properties file and enter the following details that are provided by the vault administrator:
    1. In the beyondtrust.url property, specify the URL for the BeyondTrust vault server.
    2. In the beyondtrust.api_key property, enter the API key.
    3. In the beyondtrust.uername property, enter the BeyondTrust user name.
    4. In the beyondtrust.password property, enter the BeyondTrust password.
  3. Save the application.properties file. 
  4. Restart the BMC Vault Adapter service.
    After you restart the Vault Adapter service, sensitive values such as the API key and password are automatically encrypted in this application.properties file. The BMC Helix Vault Adapter uses these settings to authenticate with the BeyondTrust vault and retrieve credentials for remote-monitored systems.

When the Vault Adapter is enabled, the PATROL Agent uses the values provided in the Username and Password fields to query the Vault Adapter with the correct user name and system name. The Vault Adapter then retrieves the actual password securely from the vault and supplies it to the PATROL Agent at runtime. To support secure, vault-based credential retrieval, configure the Username and Password fields in monitor policies (for example, Windows Remote Monitoring) as follows:

  • Username field: Username of the remote host. Make sure this user name is already registered in BeyondTrust Vault.
  • Password field: Value in the format vault: <username>\<systemname>. Make sure that the prefix vault: is included. In BeyondTrust, the system name refers to the host name associated with the user account.

For example, if the user name of the remote host in the BeyondTrust vault is remoteuserABC and the system name is remoteHostXYZ, specify the password as: vault:remoteuserABC\remoteHostXYZ. This format associates the credentials with a specific remote host. This example configuration represents one of multiple remote hosts that can be configured for remote monitoring. For information about configuring additional remote hosts, refer to the documentation for the applicable remote monitoring Knowledge Module.

 

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC PATROL Agent for BMC Helix Operations Management 26.2